The remote host is missing an update to cupsannounced via advisory MDVSA-2008:081.

A heap-based buffer overflow in CUPS 1.2.x and later was discovered byregenrecht of VeriSign iDenfense that could allow a remote attackerto execute arbitrary code via a crafted CGI search expression(CVE-2008-0047).

A validation error in the Hp-GL/2 filter was also discovered(CVE-2008-0053).

Finally, a vulnerability in how CUPS handled GIF files was found byTomas Hoger of Red Hat, similar to previous issues corrected in PHP,gd, tk, netpbm, and SDL_image (CVE-2008-1373).

The updated packages have been patched to correct these issues.

Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0

Solution:To upgrade automatically use MandrakeUpdate or urpmi. The verificationof md5 checksums and GPG signatures is performed automatically for you.